DETAILED ACTION

1. This action is in response to the communication filed on October 23, 2001.
Claims 1-23 were originally received for consideration. Per the telephone
conversation with Timothy Macintyre, claims 1-16 were elected for further consideration.
Claims 1-16 are currently being considered.

Election/Restrictions 

2. Claims 17-23 are withdrawn from further consideration pursuant to 37 CFR
1.142(b) as being drawn to a nonelected invention, there being no allowable generic or
linking claim. An election of the remaining claims was made per a telephone 
conversation by Timothy Macintyre on June 20, 2005. 

Information Disclosure Statement 

3. An initialed and dated copy of Applicant's IDS form 1449, received on June 21,
2004, is attached to this Office action.

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title.

4. The claimed invention is directed to non-statutory subject matter. Claim 16 is
non-statutory for at least the reason that it delineates a carrier wave representing 
passwords and key values, and is not a tangible embodiment of a computer-readable 
medium. Furthermore, the index values and the key values are data representations 
without any defined function. 

Claim Rejections - 35 USC § 102

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1-16 are rejected under 35 U.S.C. 102(e) as being anticipated by Baize 
(U.S. Patent No. 6,317,838). 

Regarding claim 1, Baize discloses:

A security system for controlling access to a trusted computer network by a client 
computer, comprising: 

a bastion host that controls access to said trusted computer network (Figure 1 
item 5, column 6 lines 3-9); 

a first data store associated with said bastion host and configured to store a set 
of key-password pairs (column 5 lines 27-33); 

a portable storage device (column 7 lines 45-61);

a second data store associated with said portable storage device and configured
to store passwords represented in said key-password pairs (column 7 lines 45-61);

a user operable initialization mechanism that interfaces with said first and second 
data stores, said initialization mechanism generating and storing said key-password 
pairs in said first data store and generating and storing said passwords in said second 
data store (column 7 line 45 - column 8 line 8); 

an authentication mechanism having a first component associated with said 
bastion host and having a second component associated with said client computer; 

said first component being configured to communicate a key associated with one 
of said key-password pairs to said second component (column 8 lines 1-16); 

said second component being configured to access said second data store and 
retrieve at least one password represented in said key-password pair (column 7 line 63 -
column 8 line 16);

said second component being further configured to communicate said at least 
one password to said first component based on input from the user and based on said 
key communicated from said first component (column 7 line 62 - column 8 line 16). 

Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, Baize discloses: 

The system of claim 1 wherein said portable storage device is a non-volatile 
memory device (column 7 lines 52-67). 

Claim 5 is rejected as applied above in rejecting claim 1. Furthermore, Baize discloses:

The system of claim 1 wherein said portable storage device is an optical disk
(column 7 lines 52-67). 

Claim 6 is rejected as applied above in rejecting claim 1. Furthermore, Baize discloses:

The system of claim 1 further comprising screening router system that blocks 
interaction with said trusted computer network (Figure 1 item 5, column 6 lines 3-9). 

Claim 7 is rejected as applied above in rejecting claim 6. Furthermore, Baize discloses: 

The system of claim 6 further comprising proxy system that integrates with said 
screening router to permit interaction with said trusted computer network under control 
of said authentication mechanism (column 6 lines 33-48). 

Claim 8 is rejected as applied above in rejecting claim 1. Furthermore, Baize discloses:

The system of claim 1 further comprising session management system that 
restricts interaction with said trusted computer network to an authenticated active 
session (column 7 lines 1-14). 

Claim 9 is rejected as applied above in rejecting claim 1. Furthermore, Baize discloses: 

The system of claim 1 further comprising session management system that 
restricts interaction with said trusted computer network to predetermined time duration 
(column 7 line 63 - column 8 line 8).

Claim 10 is rejected as applied above in rejecting claim 1. Furthermore, Baize
discloses: 

The system of claim 1 further comprising a plug-in module stored on said 
portable storage device and accessible to said client computer to provide said client 
computer with instructions in implementing said second component of said 
authentication mechanism (column 7 line 62 - column 8 line 16). 

Regarding claim 11, Baize discloses:

A method of authenticating interaction with a trusted computer network located 
behind a bastion host, comprising: 

defining a secure database protected by said bastion host (column 5 lines 27-33);

providing a portable storage device (column 7 lines 45-61);

providing a user-operable recording mechanism protected by said bastion host 
by which said user stores first information in said secure database and second 
information in said portable storage device (column 7 line 45 - column 8 line 8); 

said first and second information representing components of an encryption key 
system from which at least one password is generated (column 7 line 45 - column 8 line 
8); 

installing said portable storage device at a client computer and establishing
communication between said bastion host and said client computer (column 7 lines
45-62);

using said first and second information at said client computer to generate said
password and communicating said password to said bastion host (column 7 line 45 -
column 8 line 8);

evaluating said password at said bastion host and effecting authentication based 
on correspondence of said password to information stored in said secure database 
(column 7 line 45 - column 8 line 16). 

Claim 12 is rejected as applied above in rejecting claim 11. Furthermore, Baize 
discloses: 

The method of claim 11 further comprising providing said portable storage device
with a protected area and storing at least a portion of said second information within 
said protected area (column 7 lines 45-62). 

Claim 13 is rejected as applied above in rejecting claim 11. Furthermore, Baize 
discloses: 

The method of claim 11 wherein said user step of storing second information
includes supplying a secret PIN number and subsequently using said PIN number in 
generating said password (column 7 lines 45-62). 

Claim 14 is rejected as applied above in rejecting claim 11. Furthermore, Baize
discloses:

The method of claim 11 comprising providing said portable storage device with a
protected area and storing a secret session key within said protected area, said session 
key being used to encrypt a user-supplied PIN number prior to use. 

Claim 15 is rejected as applied above in rejecting claim 11. Furthermore, Baize 
discloses: 

The method of claim 11 further comprising establishing an active session after
said step of effecting authentication, and limiting said active session to a predetermined 
time duration (column 7 lines 1-14, column 7 line 63 - column 8 line 8). 

Regarding claim 16, Baize discloses: 

A computer network authentication signal embodied in a carrier wave, 
comprising: 

an index value representing one of a plurality of one-time passwords (column 7
line 45 - column 8 line 16);

a key value associated with said index value and corresponding to said one of 
said plurality of one-time passwords (column 7 line 45 - column 8 line 16). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 2-3 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Baize (U.S. Patent No. 6,317,838). 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Baize discloses:
The system of claim 1. Baize does not explicitly disclose that the passwords are
encrypted and stored. Baize discloses that the passwords are kept in a security server,
but does not explicitly say that the passwords are encrypted. However, it is well-known
in the art to encrypt data (passwords) to prohibit a third party from stealing the data
(password). The security server could keep the passwords in an encrypted form to
secure the passwords, and then can decrypt them when the password is communicated
to another component so that the data is only in a decrypted form when it is being
communicated and not when it is inactive in storage. Therefore it would have been
obvious to modify the security system of Baize to include an encryption and decryption
component so that the passwords would be secure when they are not being
communicated to increase the security of the network.

Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Baize discloses:
The system of claim 1. Baize does not explicitly disclose that the passwords are
encrypted and stored, and then decrypted before they are transmitted to the first
component. Baize discloses that the passwords are kept in a security server, but does
not explicitly say that the passwords are encrypted. However, it is well-known in the art
to encrypt data (passwords) to prohibit a third party from stealing the data (password).
The security server could keep the passwords in an encrypted form to secure the
passwords, and then can decrypt them when the password is communicated to another
component so that the data is only in a decrypted form when it is being communicated
and not when it is inactive in storage. Therefore it would have been obvious to modify
the security system of Baize to include an encryption and decryption component so that
the passwords would be secure when they are not being communicated to increase the
security of the network.

Conclusion 



Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Kaveh Abrishamkar whose telephone number is
571-272-3786. The examiner can normally be reached on Monday thru Friday 8-5.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Ayaz Sheikh, can be reached on 571-272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 